On Wed, 26 May 2021 06:35:46 GMT, Peter Levart <[email protected]> wrote:
>> src/java.base/share/classes/java/io/ObjectInputStream.java line 1265:
>>
>>> 1263: * must return a non-null filter. It is not permitted to remove
>>> filtering once established.
>>> 1264: * See the {@linkplain ObjectInputFilter filter models} for
>>> examples of composition and delegation.
>>> 1265: *
>>
>> Hi Roger,
>> When I first read this javadoc, I was a little confused and had to peek into
>> the implementation. After that, I understood the above text, but without
>> peeking and in-depth knowledge, I couldn't. The confusing part is the
>> apparently conflicting claims made by 1st vs. 2nd paragraph. Both talk about
>> setting the deserialization filter - the 1st just says "set the
>> deserialization filter for the stream", and with the `setObjectInputFilter`
>> method having a sole `filter` parameter, together these establish a simple
>> picture - ah, just a setter method. But no, the 2nd paragraph talks about
>> something entirely different which doesn't fit into the established picture.
>> So would it be possible to rephrase that 1st paragraph somehow? Or what
>> about starting with 2nd paragraph: "Set the deserialization filter for the
>> stream to the filter returned by invoking ...." followed by 1st paragraph:
>> "The filter can be set and only set once before reading any objects..."
>
> Also a better wording for the following paragraph could be: "This method can
> only be called once and before reading any objects with this
> ObjectInputStream"
> Talking about "The filter can only be set once" is a little confusing, since
> the filter may actually already be set to JVM-wide filter when this methods
> is called to replace it with per-OIS filter.
Rewrote and included your suggestions.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3996
